A Dark Side of Data Portability: Litigators Love It (Forbes Cross-Post)

Cloud services are great, but they pose a number of challenges for users. For example, users may legitimately fear that vendors will “lock-in” their users by holding user data hostage, forcing users to keep using their services instead of better competitors because it’s too painful to forego or transfer the existing data. To ameliorate this concern, there has been a push to demand that cloud service providers offer users a data export feature that makes it easier to take their data to competitive vendors. For example, earlier this year the European Union proposed revising its data privacy rules to require mandatory data portability (see Article 18). However, those favoring the proliferation of data export tools should consider another audience that will find the tools quite useful: litigators seeking to do discovery of cloud users.

A recent case involving Facebook ($FB) illustrates the point. The underlying case involves the sinking of a spud barge, the M/V Whitetail I. Joshua Pellegrin claimed he suffered personal injuries in the sinking. A litigation opponent of Pellegrin, White Tail Oilfield Services (“White Tail”), sought discovery of the contents of Pellegrin’s Facebook account (the exact request: “[f]or each Facebook account maintained by you, please produce your account data for the period of September 1, 2010, through present.”) The opinion doesn’t indicate what White Tail was looking for, but we have seen litigants repeatedly burned by social media evidence that contradicts their factual assertions. This is especially true for personal injury plaintiffs who overclaim the extent of their injuries.

Pellegrin agreed to provide the requested data, but he later asserted that he didn’t know how to download his data from Facebook. This isn’t really a credible response by Pellegrin. Even if it’s absolutely impossible to try to navigate Facebook’s so-called “Help” pages, a Google search for “how do i download facebook” immediately led me to a Facebook page entitled “Downloading Your Info” with a simple four-step process for downloading the info. Pellegrin’s counsel said the snafu was due to problems with Google Chrome, also a dubious claim (I had no problem exporting my Facebook data using Google Chrome, although it came in a disaggregated format).

Undeterred by Pellegrin’s possible stonewalling, White Tail did several things. It subpoeaned Facebook, which agreed to help Pellegrin navigate the data export tool (but he didn’t respond to Facebook’s efforts). It offered to pay for an IT specialist to walk Pellegrin through the steps. It also obtained Pellegrin’s Facebook login credentials, but the data export tool emails its results to the accountholder (i.e., Pellegrin) instead of displaying them to White Tail.

Ultimately, the court orders Pellegrin to forward the exported data to White Tail once he receives it by email. This is an incredibly reasonable outcome to Pellegrin’s Facebook travails, and I’m hard-pressed to understand why plaintiff’s counsel didn’t just agree to do this without judicial intervention. Also a bit unusual is that White Tail already had gotten unrestricted access to Pellegrin’s Facebook account. But if Pellegrin had done a little housekeeping before handing over the account’s login credentials, just having account access wasn’t enough–the data export tool was needed to find any deleted content.

This litigation provides a case study of how determined litigants will try to take advantage of the one-stop-shopping that a cloud service’s data export tool provides. Mandating that cloud services provide data export tools, like the EU is proposing to do, will ensure that litigants have an irresistible data-rich target for discovery–thus potentially, and counterproductively, undermining the privacy of individuals who find themselves in litigation.